Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

CORRECTION

Managing OS security in large enterprise environments can be a daunting responsibility. Make it easy to consistently and predictably harden new or repurposed systems with Security Blanket, an automated tool for 'one click' hardening. Whether you lock down to industry guidelines or a customized profile, Security Blanket automatically hardens systems for you.

- --SANS Ottawa 2011, Ottawa, Ontario, August 28- September 2, 2011 6 courses. Bonus evening presentations include DNS Sinkhole: Peer Into Your Network While You Sleep; and I See What You Did There: Forensic Time Line Analysis http://www.sans.org/ottawa-2011/

- --SANS Network Security 2011, Las Vegas, NV, September 17-26, 2011 45 courses. Bonus evening presentations include Securing the Kids; Who is Watching the Watchers?; and Emerging Trends in the Law of Information Security and Investigations http://www.sans.org/network-security-2011/

TOP OF THE NEWS

Attackers Were in German Police Computers for Months (July 17 & 18, 2011)

Officials said that computer security professionals had found cyber intruders were inside German police and customs service computers for months before their presence was detected. Germany's federal agency for cyber security was quoted in a newspaper as saying that attackers infiltrated federal police computers in September 2010, but the attack was not detected until early 2011. The group claiming responsibility for the attacks has published some classified information from the customs service systems and says they have more sensitive information that they will disclose if any member of their group is arrested. Federal Police have reportedly arrested a man believed to be a member of that group, which calls itself "No Name Crew."
-http://www.monstersandcritics.com/news/europe/news/article_1651622.php/Officials-hackers-were-in-German-police-computers-for-months
-http://www.h-online.com/security/news/item/One-arrest-and-further-threats-in-the-German-police-hacker-case-1280885.html
-http://www.thelocal.de/sci-tech/20110718-36375.html
[Editor's Note (Murray): Even the NSA now assumes that there are compromised systems on their networks. That must now be the guiding assumption for all large networks. Behave accordingly. (Paller): And for US government agencies, the Information Assurance Division of the NSA published a great document summarizing Guidelines for Operating on a Compromised Network. Your agency CISO should have a copy if you need it. (Honan): The H-Online article provides an excellent insight into this attack and highlights how deploying systems, in this case an Apache server, with default settings can be exploited by attackers. There are valuable resources such as the Center for Internet Security -http://www.cisecurity.org/index.cfm which provide you with the details on how not to make the same mistakes. ]
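The Honan note above points at default Apache settings and at the Center for Internet Security guides as the fix. The following script is an added example, not code from the newsletter, SANS or CIS: it parses an httpd.conf fragment and reports a handful of directives that hardening guides of that kind routinely check (ServerTokens, ServerSignature, TraceEnable and directory indexing via Options). The two configuration fragments are constructed samples, and the set of checks is an illustrative assumption rather than the full benchmark.

```python
"""Flag Apache httpd directives left at information-leaking or permissive
defaults. Added example; the check list is illustrative, not a full benchmark."""
import re

# Directive -> value a hardening guide would expect (assumption: representative
# checks; a real benchmark covers many more directives than these).
EXPECTED = {
    "ServerTokens": "Prod",      # default "Full" reveals OS and module versions
    "ServerSignature": "Off",    # default "On" puts version info on error pages
    "TraceEnable": "Off",        # TRACE is enabled unless explicitly turned off
}

# Constructed sample: a stock-looking fragment with defaults left in place.
WEAK_CONFIG = """
ServerRoot "/etc/httpd"
ServerTokens OS
ServerSignature On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
"""

# Constructed sample: the same fragment after hardening.
HARDENED_CONFIG = """
ServerRoot "/etc/httpd"
ServerTokens Prod
ServerSignature Off
TraceEnable Off
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>
"""


def parse_directives(config_text):
    """Return {directive: last value}, skipping comments, blank lines and
    section tags. Last occurrence wins, which matches how httpd resolves
    repeated global directives."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        found[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return found


def check_config(config_text):
    """Return a list of (directive, observed, expected) findings.
    A directive that never appears is reported as '<default>' because the
    compiled-in default is the weak value for every directive in EXPECTED."""
    directives = parse_directives(config_text)
    findings = []
    for name, want in EXPECTED.items():
        got = directives.get(name, "<default>")
        if got.lower() != want.lower():
            findings.append((name, got, want))
    # Directory listings: any Options line that enables Indexes (or All).
    for match in re.finditer(r"^\s*Options\s+(.*)$", config_text, re.M):
        opts = match.group(1).split("#", 1)[0].split()
        if any(o in ("Indexes", "+Indexes", "All") for o in opts):
            findings.append(("Options", match.group(1).strip(), "-Indexes"))
            break
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {len(check_config(cfg))} finding(s)")
        for name, got, want in check_config(cfg):
            print(f"  {name}: found {got!r}, expected {want!r}")
```

Run against the weak sample it reports four findings (three leaking defaults plus directory indexing); the hardened sample reports none. Treating a missing directive as a finding is the important design choice: the dangerous values here are what httpd uses when nothing is written, so a checker that only inspects lines present in the file misses exactly the "deployed with defaults" case the note describes.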

Carefully Thought-Out Patching Strategy Pays Off (June 15, 2011)

A recently issued report underscores problems inherent in the way most organizations handle security patches. According to "The Secunia Half Year Report 2011," organizations that implement a well-thought-out patching strategy lower their vulnerability risks by as much as 80 percent. The number of plug-ins and other programs on endpoints makes the problem even more intractable. A company that patches all of the Windows flaws will still have more than three-quarters of their flaws unpatched. Secunia found that patching the most popular programs reduced risk by 31 percent, but patching the most critical programs reduced risk by 71 percent. "The analysis reveals that timely patching of the software portfolio of any organization is like chasing a continually moving target."
-http://www.scmagazineus.com/report-says-firms-must-rethink-patching-strategy/article/207478/
-http://secunia.com/blog/238
[Editor's Comment (Northcutt): If anyone would know, Secunia would. If you have a PC and have not tried their PSI free patching tool, try it today! I find that piece of software to be very useful, especially when I get busy and put off updates: -http://secunia.com/vulnerability_scanning/personal ]

[Editor's Note (Murray): And the Verizon DBR stresses that patching broadly is more effective than patching early. (Honan): This report makes for a good read and highlights some interesting issues, such as 26% of all advisories issued last year still remain unpatched. It also highlights that by not patching our systems cyber-criminals do not need to invest time and/or money in 0-day exploits. ]

[Editor's Note (Murray): Outsiders damage the brand; insiders bring down the business. Management and professionals are most often the culprits when business fails. The use of private detectives as a means of obtaining "plausible deniability" is tempting, even popular, but less effective than one might hope. ]

THE REST OF THE WEEK'S NEWS

US Cyber Challenge Camps (July 18, 2011)

A series of cyber camps sponsored by the U.S. Cyber Challenge began last week at Cal Poly Pomona in southern California, with more than 30 campers spending four days in intensive classes taught by America's top cyber instructors and then finishing with a capture-the-flag competition. Participants had to compete against hundreds of their peers just to win a place at the very competitive camp. Those who do best earn scholarships, recognition from state and national leaders, and follow-on opportunities for rapid skills advancement. According to Dan Manson, the Cal Poly faculty member who organized the California camp, "The nation needs individuals who know what really sophisticated, bad hackers are doing. The only way we get there is by providing opportunities to go up the chain enabling talented young people to develop in-depth hands-on skills." Other camps are scheduled in Missouri, Virginia, Delaware and Maryland.
-http://www.govtech.com/security/Cyber-Camp-Develops-Tomorrows-IT-Security-Pros.html

The 2011 US Cyber Challenge Summer Camp at Cal Poly Pomona took place last week. One of five such camps planned for this summer, the event at Cal Poly Pomona brought together 35 people with a talent for cyber security to experience training in various aspects of the field. The goal of the program is to identify and cultivate a corps of 10,000 people who will form the next generation of cyber security professionals. Cal Poly Pomona professor Dan Manson, who organized the camp, said that the environment underscores the idea that "cyber security is a team sport. ... We need to do a better job sharing what we do in cyber security, and we need to develop teams that can defend our country." A teen cyber camp was also held last week; 22 students attended the event in Essex, Maryland.
-http://www.govtech.com/security/Cyber-Camp-Develops-Tomorrows-IT-Security-Pros.html
-http://www.wbaltv.com/r/28563284/detail.html
-http://cba.csupomona.edu/cba/news/cyber_camp_2011.aspx

Dept. of Energy Lab Back Online After Attack (July 15, 2011)

The US Department of Energy's (DOE) Pacific Northwest National Laboratory (PNNL) now has Internet access, two weeks after a security breach prompted the lab to take itself offline. Most of the lab's public websites are also available. The remaining sites and systems are not yet back up while security issues are still being addressed. A PNNL spokesperson said that no sensitive information was compromised in the breach.
-http://fcw.com/articles/2011/07/15/pnnl-back-online-after-hack.aspx

Eugene Schultz, Ph.D., CISM, CISSP, GSLC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account/